Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
OpenComponents, serverless in the front-end world.
OpenComponents is an open-source framework that allows fast-moving teams to easily build and deploy front-end components. It abstracts away complicated infrastructure and leaves developers with very simple, but powerful building blocks that handle scale transparently.
First, you create your component. It can contain logic to get some data (using node.js) and then the view, including css and js. It can be what you want, including React or Angular components or whatever you like.
Then, you publish it to the OpenComponents registry and you wait a couple of seconds while the registry prepares your stuff to be production-ready.
Now, every web app in your private or public network can consume the component via its own HTTP endpoint during server-side rendering or just in the browser.
We have been using it for more than two years in production at OpenTable, for shared components, third party widgets, e-mails and more. Learn more about OC.
Disclaimer: This project is still under heavy development and the API is likely to change at any time. In case you would find any issues, check the troubleshooting page.
MIT
FAQs
A framework for developing and distributing html components
The npm package oc receives a total of 594 weekly downloads. As such, oc popularity was classified as not popular.
We found that oc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.